Privacy Policy

Last Updated: 29th August 2025

Thank you for visiting Kibu (hereafter "Kibu," "we," "us," or "our"). We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect information we obtain about our customers and website visitors.

1. WHO WE ARE

Kibu is owned and operated by Kibu (Company Number: 15495561).

Registered Office: 1a Dunn Street, London, E8 2DG
Correspondence Address: 1a Dunn Street, London, E8 2DG
Privacy Inquiries: privacy@kibu.family

For the purposes of UK data protection law (including the UK GDPR and the Data Protection Act 2018), Kibu is the "data controller" of your personal data.

2. WHAT DATA WE COLLECT

We collect several types of information from you, depending on how you interact with our website and services.

Information You Provide Voluntarily

  • Order Information: When you purchase from Kibu, we collect your name, shipping address, billing address, email address, and any engraving details you provide (such as a child's name). We may also collect payment details, though payment is processed securely by our third-party payment processor (Stripe).
  • Reviews: When you submit a product review on our site, we collect your first name, last name, email address (for order verification, not displayed publicly), rating, and any feedback you provide.
  • Email List: If you opt in to receive our newsletters or marketing emails, we collect your email address and any preferences you indicate.

Information Collected Automatically

  • Cookies: We use cookies and similar tracking technologies to enhance your experience on our site, remember your preferences, and gather usage statistics. You will see a cookie banner where you can consent to or manage these cookies.
  • Analytics Data: We use Google Analytics, Facebook/Meta Pixel and Microsoft Clarity to understand how users navigate our site, track conversions, and measure the effectiveness of our advertising.

Information from Third Parties

  • Payment Processors: When you check out using Stripe, we may receive limited information about your transaction to fulfill and ship your order.
  • Email Marketing Platforms: We use Klaviyo for our email campaigns. If you sign up for our newsletter or promotions, your email address and preferences are stored in Klaviyo.
  • Event Platforms (Eventbrite): When you purchase or register for an event, we receive your booking details from Eventbrite so we can manage your attendance. Eventbrite is our processor for ticketing; their privacy notice also applies to your use of their platform.

Note on Children's Data: Our website and services are intended for adults/guardians purchasing items for children. We do not knowingly collect personal data from children under 13 (or the relevant minimum age in your jurisdiction). Any engraving details that include a child's name are provided by the adult purchaser. Events: We collect a child's first name and age only for consent and operational purposes at workshops. A parent/guardian must complete the booking and consent. We do not publish a child's full name with images.

3. HOW WE USE YOUR DATA

We only use your personal data when the law allows us to. Common uses include:

Fulfilling Contracts

To process your orders, arrange delivery, handle returns or exchanges, and keep proper records for legal and financial compliance.

Consent

If you have opted into marketing, we will use your data to send you newsletters, promotions, or updates about new products. You can withdraw consent at any time by clicking "unsubscribe" in any email or by contacting us at privacy@kibu.family.

Legitimate Interests

  • To improve our products and website based on analytics and feedback.
  • To maintain security and prevent fraud.
  • To personalize your user experience.
  • Safety & logistics: Attendee management, safeguarding, incident reporting (a minimal record).

Event Administration (Contract)

To process bookings, waitlists, venue access, and event communications.

Marketing Images/Video (Consent)

We only use photos/recordings of identifiable attendees for Kibu marketing if you consent; you may withdraw any time (see Section 13).

Legal Compliance

We may process or disclose your data to comply with legal obligations, government requests, or to assert legal rights.

4. DISCLOSURE OF YOUR DATA

We do not sell your personal data to third parties. We may share your data in the following circumstances:

  • Service Providers: We use trusted third-party services to help deliver our products.
  • Analytics and Advertising Partners: Google Analytics and Facebook/Meta Pixel help us measure the effectiveness of our marketing.
  • Event Partners & Media: We may share limited event content with PR/marketing service providers acting on our instructions. News media present at events are separate controllers responsible for their own processing and privacy information.
  • Legal or Regulatory Requests: We may share your data if required by law or to protect our rights.

5. INTERNATIONAL DATA TRANSFERS

Our main operations and servers are located in London, UK. However, some of our service providers (such as AWS, MongoDB Atlas, Klaviyo) may store or process data outside the UK. Whenever we transfer your data internationally, we ensure an adequate level of protection is in place.

Some providers (e.g., Google, Meta, Microsoft, Klaviyo, Eventbrite) are in or use infrastructure in the United States. Where applicable we rely on the UK-US Data Bridge (for certified organisations) or Standard Contractual Clauses/IDTA plus a transfer risk assessment to protect your information.

6. DATA RETENTION

  • Order Information: We retain for at least 6 years to comply with tax and accounting regulations.
  • Marketing Communications: We keep your email on file indefinitely until you unsubscribe or request deletion.
  • Reviews: Reviews may be displayed on our site indefinitely unless you request removal.
  • Cookie Data: Cookie lifespans vary. Please see our Cookie Policy for specific durations.
  • Event Media: Event media used for marketing is reviewed every 3 years and may be retained longer in archival copies; we cease future use if consent is withdrawn.

7. SECURITY MEASURES

We take reasonable steps to protect your personal data against unauthorized access, loss, alteration, or misuse. These include:

  • HTTPS/TLS Encryption: Our website uses secure connections (HTTPS) to protect data in transit.
  • Secure Infrastructure: Our backend is hosted on AWS and MongoDB Atlas, both maintaining robust security certifications.
  • Payment Security: Stripe handles all payment information, maintaining PCI DSS compliance.

8. COOKIES & TRACKING TECHNOLOGIES

We use cookies, pixel tags, and similar technologies to provide, customize, and measure the performance of our website. We set non-essential cookies and pixels (e.g., Google Analytics, Meta Pixel, Microsoft Clarity) only with your consent via our cookie banner. You can change or withdraw consent at any time using your browser settings or our cookie preferences. Advertising/measurement cookies are not "strictly necessary" under PECR and require opt-in consent.

  • Essential Cookies: Necessary for our website to function.
  • Analytics Cookies: Used by Google Analytics to understand site performance.
  • Advertising Cookies: Used by Facebook/Meta Pixel and Microsoft Clarity to show relevant ads and measure performance.

9. YOUR RIGHTS

Under UK GDPR, you have certain rights regarding your personal data, including the right to:

  • Access your personal data
  • Request corrections to inaccurate data
  • Request deletion of your data
  • Object to our processing of your data
  • Request restriction of processing
  • Request data portability
  • Withdraw consent for marketing images/video at any time (see Section 13)

Complain to the ICO: You can lodge a complaint with the UK Information Commissioner's Office if you're unhappy with how we handle your data. See ico.org.uk for contact details.

10. CHILDREN'S PRIVACY

Our website and services are intended for adults/guardians purchasing on behalf of children. We do not knowingly collect personal data from children without parental consent. If you believe a child has provided us with personal data, please contact us at privacy@kibu.family.

We collect children's data at events only with parental/guardian consent. We minimise what we collect (e.g., first name and age) and avoid publishing identifying details with images.

11. DATA PROTECTION IMPACT ASSESSMENTS

We conduct Data Protection Impact Assessments for higher-risk activities (e.g., filming at events) where appropriate to ensure we maintain the highest standards of data protection.

12. OUR SERVICE PROVIDERS

We work with trusted third-party service providers to deliver our services. Key processors include:

  • Eventbrite (US) – Event ticketing and registration
  • Stripe (US/EU) – Payment processing
  • AWS (UK/EU) – Cloud hosting infrastructure
  • MongoDB Atlas (Multi-region) – Database services
  • Klaviyo (US) – Email marketing platform
  • Google Analytics (US) – Website analytics
  • Meta/Facebook Pixel (US) – Advertising and analytics
  • Microsoft Clarity (US) – User experience analytics

All processors are contractually bound to protect your data and use it only on our instructions.

13. EVENTS, TICKETING & MEDIA (WORKSHOPS, PHOTOGRAPHY & FILMING)

What We Collect

If you register for a Kibu event (e.g., workshops) we collect attendee/booking data (name, email, phone, ticket details) and, if you choose to give it, consent for Kibu to use photographs/video/audio of you and/or your child for Kibu marketing.

Lawful Bases

  • Contract: To administer your booking (issuing tickets, entry, communications).
  • Legitimate interests: Event safety, access control, and incident management.
  • Consent: Only for Kibu marketing use of photos/video/audio (you can refuse and still attend where available; withdrawing consent stops future use).

Children's Data

For under-18s, consent must be granted by a parent/legal guardian with parental responsibility. We avoid publishing a child's full name or other identifying details alongside images.

Third-Party Media

News organisations (e.g., CNN) filming at our events act as independent controllers under journalistic rules; queries about their footage should be directed to them.

Service Providers

We may engage photographers, videographers, editors and marketing agencies as processors under contract (confidentiality, security, and use only on our instructions).

How to Withdraw Consent

Email privacy@kibu.family with details (event, date, description of the image/clip). We will stop future use as soon as reasonably possible; materials already printed, distributed or posted by third parties may not be fully retractable.

Retention

Event booking data is kept per our order/financial retention rules. Marketing images/video are reviewed on a rolling 3-year cycle and removed from future use if consent is withdrawn.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by posting a notice on our website or by emailing you if you've provided us with your email address.

15. CONTACT US

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Kibu
1a Dunn Street, London, E8 2DG
Email: privacy@kibu.family

Your basket (0 items)
You haven't added anything to your basket yet
You've qualified for free delivery
Subtotal£0.00
DeliveryFREE
Total£0.00
Amex LogoMastercard LogoVisa LogoRevolut LogoApple Pay LogoLink LogoStripe Logo